Man-in-the-Middle Attack on Contactless Payment over NFC Communications: Design, Implementation, Experiments and Detection

A recent development emanating from RFID technology is Near Field Communication (NFC). Basically, NFC is a popular short range (<10 cm) wireless communication technology with applications in areas sensitive to security and privacy concerns such as contactless payment. Since NFC communications require very close proximity between two communicating devices (e.g., a smartcard and a terminal), it is generally believed that Man-in-the-Middle (MITM) attacks are practically infeasible here. Contrasting this belief, in this paper, we successfully establish MITM attack in NFC communications between a passive tag and an active terminal. We carefully present physical fundamentals of the attack, our engineering design, and results of successful attack implementation. Subsequently, we present the practical applicability of our MITM attack that exploits a potential vulnerability in EMV based contactless payment protocol, which arises due to separation between card authentication and transaction authorization phases. We demonstrate how an attacker can compromise the integrity of a contactless payment using a malicious MITM card, and also present multiple attack/victim scenarios to analyze different types of impacts of our attack. Further, we conduct rigorous experimental studies to analyze both hardware and practical ramifications of our attack. Finally, we propose a mechanism to detect the MITM attack based on experimental analysis that demands no additional hardware.